updated: dependencies and release 1.27.0

Author: ammnt

.github/workflows/build.yml

@@ -97,23 +97,23 @@ jobs:
           path: "${{ github.workspace }}/dependency-results.sbom.json"
           retention-days: 20
 
-      - name: Analyze image with Anchore💊
+      - name: Analyze image with Grype💊
         id: anchore
         uses: anchore/[email protected]
         with:
           image: ghcr.io/ammnt/nginx:main
           fail-build: false
           severity-cutoff: critical
 
-      - name: Upload Anchore report📊
+      - name: Upload Grype report📊
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ${{ steps.anchore.outputs.sarif }}
 
       - name: Analyze image with Syft💊
         uses: anchore/[email protected]
         with:
-          syft-version: v1.6.0
+          syft-version: v1.8.0
           image: ghcr.io/ammnt/nginx:main
           artifact-name: image.spdx.json
           dependency-snapshot: false

README.md

@@ -30,7 +30,7 @@ https://github.com/openssl/openssl
 - No excess ENTRYPOINT in the image;
 - Slimmed version by Docker Slim tool;
 - Scanned effiniefficiency result with Dive tool;
-- Scanned by vulnerability scanners: GitHub, Docker Scout, Snyk, Anchore, Clair and Syft;
+- Scanned by vulnerability scanners: GitHub, Docker Scout, Snyk, Grype, Clair and Syft;
 - Prioritize ChaCha cipher patch and anonymous signature - removed "Server" header ("banner"):<br>
 https://github.com/ammnt/nginx/blob/main/Dockerfile